Question - PolicyKit

dawg dirTdogE at Gmail.com
Tue Jul 15 13:20:41 PDT 2008



David Zeuthen wrote:
> On Tue, 2008-07-15 at 15:01 -0400, dawg wrote:
>   
>> Sorry, I'm a lost pooch. But anyway...
>>
>> No, I don't buy into that, but I do not want to allow all things to be
>> accessible without a password. There are reasons for those dialogs, or
>> they wouldn't exist. Not everyone wants to allow anyone to access
>> everything. And if the expectation is that no one should need or want
>> the dialog, why not change PolicyKit so that it doesn't ask at all? By
>> your logic, it should all just be assumed, without ever even giving
>> the dialog with the stupid default.
>>     
>
> Uh, that's why you can change the defaults as I explained in the earlier
> mail. See, the defaults are chosen by the application developer. Of
> course some administrators will want to change them. So we provide a
> mechanism (e.g. polkit-action(1)) to do exactly that.
>   
I may have misunderstood you. Changing the default for the checkbox is 
exactly what I want to do. It sounded like you were stating that it was 
only possible to make it so that the "remember" option is *never* shown 
(not what I want).
>   
>> The only problem with the dialog is that you slow down ADMINISTRATORS
>> by making them uncheck the default every time (and even more so if
>> they forget once and then have to fix it through some other dialog).
>> If the "human" or administrator wishes for the authorization to be
>> remembered, they should have to check the box to remember -- because
>> they would only have to do it once! They wouldn't see the dialog
>> again. On the other hand, if the administrator does not want the info
>> to be remembered, he or she will have to uncheck the option every
>> single time.
>>     
>
> Keep in mind that some actions does not come with a "remember
> authorization" check box at all. For example
>
>         $ polkit-action --action org.freedesktop.packagekit.localinstall-untrusted
>         action_id:        org.freedesktop.packagekit.localinstall-untrusted
>         description:      Install untrusted local file
>         message:          Further authentication is required to install an untrusted local file
>         default_any:      no
>         default_inactive: no
>         default_active:   auth_admin
>         
> doesn't.
>
> It's up to the application developer to choose whether the
> authorization. Now, if you as an administrator disagrees with the
> upstream developer simply change the default using polkit-action(1). And
> if you think, for whatever reason, that the upstream developer should
> change it upstream go talk to him. Try to convince him that it doesn't
> make sense users should retain the authorization. 
>   
I was not saying that it doesn't make sense to allow them to retain 
authorization (I *want* it to in some cases), I am only saying it 
doesn't make sense for the checkbox to be ticked by default if it 
doesn't remember that it was unchecked in previous instances.
> I bet in most cases the upstream developer will reject such a feature
> request simply because it doesn't make sense to ask for passwords for
> such mundane things as mounting a disk, installing a signed trusted RPM
> etc. etc. in a consumer style setting where the user is sitting right in
> front of the system.
>   
I agree that it doesn't make sense to ask for passwords for mounting 
disks (in most cases). (Of course it makes perfect sense in certain 
secure environments.) I happily let PolicyKit retain that authorization. 
However, for example, I do *not* want a user to be able to uninstall 
whatever they want. My family is not as familiar with Linux as I am 
(indeed, I've completely broken my system by mistake while uninstalling 
things in the past), but more to the point, someone could uninstall 
security software such as firewalls, etc., which certainly is a security 
concern. It might not even be the end user -- they might simply walk 
away from their station at work or whatnot ever else.
> Think about it. You're asking for a default where the "keep
> authorization" check box is to be unchecked when the dialog comes up.
> That's a terrible default since most people won't read the dialog as you
> point out yourself. So the result is that people will keep being
> interrupted by password dialogs. Which sucks.
>   
I did not say that most people wouldn't read the dialog. But you are 
right, people don't read it if they see it all of the time.

If the checkbox was not defaulted to ticked (as I am suggesting), the 
worst case scenario (with regard to the point you are making) is that 
some stupid users may never bother to change the option. So what? It 
would be their own fault, and, arguably, they would probably eventually 
notice the option. Besides, most people are familiar with the idea of 
checking a box to remember their password if they use the Web on a 
regular basis.

On the other hand, if the user does not read the dialog and the default 
is checked, they will have unwittingly changed a security setting on 
their computer! And you are saying the former is worse?
>   
>> I don't mean to sound like an arrogant ass, but I do not understand
>> how you can't see the point I'm trying to make. The only thing I can
>> possibly think of is that you are assuming the administrator is a
>> separate account or something...? Sure, that may be the case, but
>> there are many situations in which the admin would want to perform an
>> action without logging out the current user or taking the TIME to log
>> in to a second account or use the command line or whatnot ever else.
>>     
>
> Maybe if you could come up with concrete examples of what problems you
> have it would be useful, e.g. in what polkit authentication dialogs
> (need the action name, see Details> in the dialog) do you run into where
> you wish the "retain authorization" checkbox wasn't clicked by default?
>   
I don't want users (for example) to be able to uninstall programs which 
are needed for system stability, security, or so on.

I'm sorry, I do not understand what question or statement you are making 
in parenthesis above...
> (also, please avoid HTML mail and please reply inline, e.g. no top
> posting. Thanks.)
>   
Sorry. I believe I've switched to plain text in this message.
>       David
>   
Nate
>
>
>
>   




More information about the polkit-devel mailing list